Tuesday, March 9, 2021
NikolaNews

Vulnerability found and fixed in HP bloatware

October 12, 2019
in Internet Security

Image: Sandra Vogel/ZDNet

HP Touchpoint Analytics, an application that comes preinstalled on HP systems, contains a security flaw that could let malware gain admin rights and take over vulnerable systems.

The security flaw was discovered over the summer by security researchers from SafeBreach Labs.

HP has released updates this month to address the issue.

HP desktop and laptop owners are advised to follow instructions detailed in the HP security advisory and update the HP Touchpoint Analytics client at their earliest convenience.

Vulnerability details

The HP Touchpoint Analytics app is what users normally call “bloatware,” a type of software that comes pre-installed on new devices.

The app’s purpose is to collect diagnostics data about hardware performance and send the information back to HP.

As such, the app is usually whitelisted and runs with admin rights on HP systems, so that it can access various details from software drivers and other hardware components.

But in a report shared with ZDNet this week, Peleg Hadar, a security researcher with SafeBreach Labs, said he found a way to hijack the application’s normal mode of operation and load malicious DLL files to run rogue code with elevated privileges.

Hadar found what security experts call a local privilege escalation (LPE), a type of vulnerability that’s quite common in modern software.

The vulnerability won’t allow hackers to take over a system from a remote location, but it will allow local apps or malware to funnel malicious commands through its code and execute those operations with full admin rights.

While most LPE vulnerabilities are low risk, this one’s severity is amplified by the app’s huge install-base — being found on hundreds of millions of HP desktops and laptops.

This makes the vulnerability attractive to malware gangs, who stand to benefit from including it in their future exploit chains.

Controversial app

As ZDNet sister-site TechRepublic pointed out in its coverage, the disclosure of a security flaw in the HP Touchpoint Analytics app will not go down well with HP users.

In the past, users have complained about the app being nothing more than spyware disguised as an analytics app, and about the app slowing down systems on which it was installed [1, 2].

Across the years, HP denied any such rumors and said that users were free to uninstall the app at any time they wished [1, 2].

The HP Touchpoint Analytics vulnerability is the second security flaw that Hadar discovered this year in a vendor’s bloatware. He previously found one that impacted the SupportAssist app that comes pre-installed on Dell systems.

Credit: ZDNet
